Ruby on Rails
Ruby on Rails (simplified as Rails) is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller (MVC) framework, providing default structures for a database, a web service, and web pages. It encourages and facilitates the use of web standards such as JSON or XML for data transfer and HTML, CSS and JavaScript for user interfacing. In addition to MVC, Rails emphasizes the use of other well-known software engineering patterns and paradigms, including convention over configuration (CoC), don't repeat yourself (DRY), and the active record pattern.[4]
Not to be confused with Ruby (programming language).
Ruby on Rails' emergence in 2005 greatly influenced web app development, through innovative features such as seamless database table creations, migrations, and scaffolding of views to enable rapid application development. Ruby on Rails' influence on other web frameworks remains apparent today, with many frameworks in other languages borrowing its ideas, including Django in Python; Catalyst in Perl; Laravel, CakePHP and Yii in PHP; Grails in Groovy; Phoenix in Elixir; Play in Scala; and Sails.js in Node.js.
Well-known sites that use Ruby on Rails include Airbnb, Crunchbase, Dribbble,[5] GitHub,[6] Twitch[7] and Shopify.
Philosophy and design
Ruby on Rails is intended to emphasize Convention over Configuration (CoC), and the Don't Repeat Yourself (DRY) principle.
The Rails Doctrine is an enduring enabler that guides the philosophy, design, and implementation of the Ruby on Rails framework.
"Convention over Configuration" means a developer only needs to specify unconventional aspects of the application. For example, if there is a class Sale in the model, the corresponding table in the database is called sales by default. It is only if one deviates from this convention, such as calling the table "products sold", that the developer needs to write code regarding these names. Generally, Ruby on Rails conventions lead to less code and less repetition.[54]
"Don't repeat yourself" means that information is located in a single, unambiguous place. For example, using the ActiveRecord module of Rails, the developer does not need to specify database column names in class definitions. Instead, Ruby on Rails can retrieve this information from the database based on the class name.
"Fat models, skinny controllers" means that most of the application logic should be placed within the model while leaving the controller as light as possible.
HTML Over The Wire (Hotwire),[55][56] conceptual compression,[57][58] and robust security[59] mark Rails 7.0's approach to the One person framework.[a]
Reception
Scalability
In earlier days, Rails running on Matz's Ruby Interpreter (the de facto reference interpreter for Ruby) had been criticized for issues with scalability.[66] These critics often mentioned various Twitter outages in 2007 and 2008, which spurred Twitter's partial transition to Scala (which runs on the Java Virtual Machine) for their queueing system and other middleware.[67][68] The user interface aspects of the site continued to run Ruby on Rails[69] until 2011 when it was replaced due to concerns over performance.[70] On the other hand, many Rails business application developers relied on system architecture design, including choices of database engine, cache configuration, and servers, to tackle scalability issues. The original author of Rails, David Heinemeier Hansson, criticized Twitter, saying that their problems scaling were the consequences of their own poor architectural decisions and not the fault of Rails. According to Hansson, blaming Rails for their troubles while making no contributions to the framework is ungrateful and unjust.[71]
In 2011, Gartner Research noted that despite criticisms and comparisons to Java, many high-profile consumer web firms are using Ruby on Rails to build scalable web applications. Some of the largest sites running Ruby on Rails include Airbnb, Cookpad, GitHub, GitLab,[72] Scribd, Shopify, and Basecamp.[73] As of January 2016, it is estimated that more than 1.2 million web sites are running Ruby on Rails.[74][75]
Security
In March 2012, security researcher Egor Homakov discovered a mass assignment vulnerability that allowed certain Rails applications to be remotely exploited, and demonstrated it by non-maliciously hacking GitHub after his earlier attempts at responsible disclosure were dismissed.[76]
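An added illustration, not part of the original article and not Rails code, of the mass assignment bug class named above and the permit-list filtering that counters it. The `Account` model, its `admin` attribute, the `permit` helper and the request body are hypothetical and stand in for a Rails model and its parameter filtering.

```ruby
# Constructed model: mimics attribute mass assignment without loading Rails.
class Account
  ATTRIBUTES = %i[name email admin].freeze
  attr_accessor(*ATTRIBUTES)

  def initialize
    @admin = false
  end

  # Mass assignment: every key in the hash is written to the matching attribute.
  def assign(params)
    params.each do |key, value|
      public_send("#{key}=", value) if ATTRIBUTES.include?(key.to_sym)
    end
    self
  end
end

# Permit-list filter (hypothetical helper): only attributes a user may edit survive.
# Rejected keys are returned separately so they can be logged or alerted on.
def permit(params, *allowed)
  allowed = allowed.map(&:to_s)
  kept, dropped = params.partition { |key, _| allowed.include?(key.to_s) }
  [kept.to_h, dropped.map { |key, _| key.to_s }]
end

# Constructed request body: a profile form plus one field the form never offered.
REQUEST_PARAMS = { "name" => "Alice", "email" => "alice@example.com", "admin" => true }.freeze

# Vulnerable pattern: request parameters go straight into the model.
def update_unfiltered
  Account.new.assign(REQUEST_PARAMS)
end

# Hardened pattern: filter first, then assign; keep the rejected keys for review.
def update_filtered
  safe, rejected = permit(REQUEST_PARAMS, :name, :email)
  [Account.new.assign(safe), rejected]
end
```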
On 24 September 2013, a session cookie persistence security flaw was reported in Ruby on Rails. In a default configuration, the entire session hash is stored within the session cookie by a session store known as CookieStore, so anyone possessing a copy of the session cookie can log in as the target user at any time in the future. As a workaround, administrators are advised to store sessions on the server using mechanisms such as ActiveRecordStore.[77]
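An added example (not from the original article or from Rails itself) of the difference the workaround makes: a simplified signed-cookie store and a server-side store, each presented with a session value that was copied before logout. The HMAC cookie format, `SECRET`, and all class and method names are assumptions for illustration; Rails's real CookieStore encoding differs.

```ruby
require "openssl"
require "json"
require "securerandom"

SECRET = "constructed-demo-secret" # constructed; stands in for the app's secret key

# Client-side store: the whole session hash travels in the signed cookie.
module CookieSessions
  def self.issue(session)
    data = [JSON.generate(session)].pack("m0") # base64 without line breaks
    "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
  end

  # Accepts any cookie with a valid signature; the server keeps no record of it.
  def self.load(cookie)
    data, mac = cookie.to_s.split("--", 2)
    return nil unless data && mac
    expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
    OpenSSL.secure_compare(expected, mac) ? JSON.parse(data.unpack1("m0")) : nil
  end
end

# Server-side store: the cookie carries only a random id, the data stays here.
class ServerSessions
  def initialize
    @rows = {}
  end

  def issue(session)
    SecureRandom.hex(16).tap { |sid| @rows[sid] = session }
  end

  def load(sid)
    @rows[sid]
  end

  # Logout deletes the row, so an old copy of the id stops working.
  def logout(sid)
    @rows.delete(sid)
  end
end

# Present session values that were copied before the user logged out.
def replay_after_logout
  old_cookie = CookieSessions.issue("user_id" => 42)
  # Cookie-store logout only tells the browser to drop its copy; nothing to revoke.
  store = ServerSessions.new
  old_sid = store.issue("user_id" => 42)
  store.logout(old_sid)
  { cookie_store: CookieSessions.load(old_cookie), server_store: store.load(old_sid) }
end
```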
Researchers Daniel Jackson and Joseph Near developed a data debugger they called "Space" that can analyze the data access of a Rails program and determine if the program properly adheres to rules regarding access restrictions. On 15 April 2016, Near reported that an analysis of 50 popular Web applications using Space uncovered 23 previously unknown security flaws.[78]